package com.carlyang.studentinfo.web;

import java.io.IOException;
import java.sql.Connection;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.carlyang.studentinfo.dao.UserDao;
import com.carlyang.studentinfo.model.User;
import com.carlyang.studentinfo.util.DBUtil;
import com.carlyang.studentinfo.util.LogUtil;
import com.carlyang.studentinfo.util.StringUtil;

public class LoginServlet extends HttpServlet{
	public static final String TAG = "LoginServlet";
	DBUtil dbUtil = new DBUtil();
	UserDao userDao = new UserDao();
	/**
	 * 
	 */
	private static final long serialVersionUID = 1L;

	@Override
	protected void doGet(HttpServletRequest request, HttpServletResponse response) 
			throws ServletException, IOException {
		// TODO Auto-generated method stub
		this.doPost(request, response);
	}

	@Override
	protected void doPost(HttpServletRequest request, HttpServletResponse response) 
			throws ServletException, IOException {
		// TODO Auto-generated method stub
		String userName = request.getParameter("userName");
		String password = request.getParameter("password");
		//System.out.println("userName:"+userName+",password:"+password);
		LogUtil.i(TAG, "登录请求-->"+"userName:"+userName+",password:"+password);
		if (StringUtil.isEmpty(userName)||StringUtil.isEmpty(password)) {
			request.setAttribute("error", "用户名或密码为空！");
			//服务器跳转到首页
			request.getRequestDispatcher("index.jsp").forward(request, response);
			return;
		}else if (userName.contains("*")||userName.contains("#")||userName.contains("/")||userName.contains("\\")||userName.contains("&")||userName.contains("@")||userName.contains("^")||userName.contains("$")) {
			request.setAttribute("error", "用户名带有非法字符！");
			request.setAttribute("userName",userName);
			request.setAttribute("password",password);
			//服务器跳转到首页
			request.getRequestDispatcher("index.jsp").forward(request, response);
			return;
		}
		User user = new User(userName, password);
		Connection con = null;
		try {
			LogUtil.i(TAG, "连接数据库......");
			con = DBUtil.getConnection();
			User currentUser = userDao.login(con, user);
			if (currentUser == null) {
				request.setAttribute("error", "用户名或密码错误！");
				request.setAttribute("userName",userName);
				request.setAttribute("password",password);
				LogUtil.i(TAG, "登录失败，用户名或密码错误！");
				//服务器跳转到首页
				request.getRequestDispatcher("index.jsp").forward(request, response);
				return;
			}else {
				//登录成功，服务器查询本次请求中的session会话，对其添加新的属性，只要客户端浏览器不关闭信息不刷新不丢失
				HttpSession session = request.getSession();
				session.setAttribute("currentUser", user);
				//客户端跳转,
				response.sendRedirect("main.jsp");
				LogUtil.i(TAG, "登录成功！");
			}
			
		} catch (Exception e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}finally {
			try {
				DBUtil.closeCon(con);
				LogUtil.i(TAG, "关闭数据库连接成功！---------------------------------");
			} catch (Exception e) {
				// TODO Auto-generated catch block
				e.printStackTrace();
			}
		}
		
	}

	
}
